Embedding Byzantine Fault Tolerance into Federated Learning via Consistency Scoring
This addresses security issues in federated learning for applications like healthcare, though it is an incremental improvement as a plugin to existing methods.
The paper tackles the vulnerability of federated learning to Byzantine attacks from compromised edge devices by proposing a plugin that uses virtual data samples and consistency scoring to filter out malicious updates, achieving over 89.6% test accuracy under targeted attacks compared to 19.5% without it.
Given sufficient data from multiple edge devices, federated learning (FL) enables training a shared model without transmitting private data to the central server. However, FL is generally vulnerable to Byzantine attacks from compromised edge devices, which can significantly degrade the model performance. In this work, we propose an intuitive plugin that seamlessly embeds Byzantine resilience into existing FL methods. The key idea is to generate virtual data samples and evaluate model consistency scores across local updates to effectively filter out compromised updates. By utilizing this scoring mechanism before the aggregation phase, the proposed plugin enables existing FL methods to become robust against Byzantine attacks while maintaining their original benefits. Numerical results on blood cell classification task demonstrate that the proposed plugin provides strong Byzantine resilience. In detail, plugin-attached FedAvg achieves over 89.6% test accuracy under 30% targeted attacks (vs.19.5% w/o plugin) and maintains 65-70% test accuracy under untargeted attacks (vs.17-19% w/o plugin).